A UK view on Cyber, Information & IT Security by Security Expert Dave Whitelegg. Providing advice and explaining security for everyone, and also contemplating advanced themes and future trends in security.
With a focus on all the latest developments & issues within the UK Information Security space such as Hacking, DDoS, Botnets, Malware, Identity Theft, Data Protection (DPA) and regulatory compliance like PCI DSS & ISO27001:2013, all will be explained in an easy to understand way.

Wednesday, 12 February 2014

How Microsoft will help Hackers attack Windows XP

Yesterday was Patch Tuesday, and as usual Microsoft released a series of monthly security patches for its software.

Most notable in February's patch list are the several 'Critical' patches, which resolve Remote Code Execution vulnerabilities in all versions of Microsoft Windows. This includes a specific security patch download for Microsoft Windows XP systems, demonstrating that Windows XP vulnerabilities still keep on coming. But there is another really interesting point about these monthly Microsoft Security Bulletin announcements: they will aid hackers in attacking the Windows XP operating system.

How Microsoft will help Hackers attack Windows XP

Post 8th April 2014, Microsoft will be advertising to hackers a list of Windows XP vulnerabilities which will remain unpatched. Every time Microsoft announces fixes for newly discovered vulnerabilities within multiple versions of the Windows operating system, as it did yesterday, it will in effect be listing new vulnerabilities that are present and will remain unpatched on Windows XP indefinitely. We can expect new XP vulnerabilities to be targeted given the huge number of XP machines still in circulation worldwide, which is in the hundreds of millions according to many recent surveys.

Why this is a problem for non-XP users

Those of us not running XP should not be too smug about this, as the end of Windows XP security patching is a grave concern for everyone. More compromised Windows XP systems means more systems being used to target everyone, regardless of operating system. Compromised systems are often placed into large botnets of devices, allowing the bad guys to systematically direct phishing attacks, send spam and conduct DDoS attacks.

Does Microsoft have a moral duty to carry on patching XP?

So given this, does Microsoft have a moral and security responsibility to keep on patching Windows XP post April? On the one hand I understand their commercial aspect and the advantage of standardising on fewer versions; on the other hand, given the mass numbers of Windows XP systems still in use, I think Microsoft does have a moral duty to keep on security patching Windows XP after April, and play its part in protecting everyone.

UK Government Windows XP Advice

The UK government recently released its Windows XP advice to UK organisations. This CESG guidance urges the retirement of Windows XP and Office 2003 before 8th April 2014, but provides some short-term mitigation advice for organisations that will struggle to meet the deadline.

Disclaimer

This is a personal website, all views or opinions represented in this blog are personal to Dave Whitelegg and guest bloggers that post, and do not represent the views or opinions of any business or organisation. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information.

All original content copyright David Whitelegg 2007-2016. You may not use any original content with.